Government impersonation scams are rising fast — and criminals are getting better at using real-world crises to make their lies believable.
On February 28, 2026, Iranian missile strikes hit parts of Dubai, creating fear and uncertainty. Within hours, scammers began calling residents pretending to represent a department called “Dubai Crisis Management,” supposedly linked to Dubai Police.
The problem? The department didn’t exist.
In a Nutshell
The callers claimed they were helping residents protect their identities during the emergency. In reality, they were trying to steal sensitive information such as UAE Pass credentials and Emirates ID numbers. With this data, scammers could launch a SIM swap attack — transferring a victim’s phone number to a SIM card they control and intercepting banking verification codes.
Dubai Police quickly warned residents that authorities never ask for confidential information or verification codes over the phone. But the scam had already begun spreading.
Criminals often monitor breaking news and launch scams within hours of a crisis. Disasters, security incidents, and emergencies create confusion — and scammers use that fear to pressure victims into acting quickly.
The Dubai scam followed a familiar pattern used by impersonation fraudsters around the world. First, criminals monitor major news events and activate scam operations as soon as a crisis breaks. They then call potential victims using spoofed phone numbers that appear official.
Next, the caller introduces a government department that sounds legitimate but cannot easily be verified. Victims are told their identity or bank account could be at risk because of the crisis and that immediate verification is required.
In the Dubai case, residents were asked to provide UAE Pass login details or Emirates ID numbers. With that information, scammers could contact the victim’s mobile carrier and request a SIM transfer.
Once the phone number is moved to the scammer’s SIM card, the victim’s phone suddenly loses signal while the scammer receives all incoming messages — including one-time passwords used for online banking. At that point, accounts can be emptied within minutes.
A SIM swap attack occurs when a criminal convinces a mobile carrier to transfer your phone number to a SIM card they control.
To make the request convincing, scammers first gather personal information such as ID numbers, phone numbers, and account details. Once the transfer happens, your phone stops receiving calls and messages, while the scammer receives them instead.
Because many banks use SMS verification codes to confirm logins or transactions, controlling the phone number allows criminals to access banking apps and authorize payments.
A sudden loss of mobile signal can sometimes be the first sign that a SIM swap is happening.
The first warning sign is a department or agency you cannot verify. Scammers often invent official-sounding names such as “Crisis Management Unit” or “Digital Safety Bureau.” Real government agencies can always be confirmed through official websites and contact directories.
The second warning sign is urgency tied to breaking news. The crisis itself may be real, but government agencies rarely contact citizens individually by phone during emergencies asking for personal verification.
The third warning sign is a request for sensitive information. No legitimate government agency will ask for passwords, verification codes, ID numbers, or banking details over the phone.
The fourth warning sign is pressure to act immediately. Scammers often claim accounts will be frozen or identities compromised unless the victim responds instantly. This urgency is designed to prevent victims from stopping to verify the request.
Yes — and quickly. Authorities reported more than 330,000 government impersonation complaints in 2025, with losses reaching hundreds of millions of dollars.
Advances in technology are also making these scams more convincing. AI tools can clone voices, generate convincing messages, and automate large-scale scam campaigns. Combined with caller ID spoofing and messaging platforms, criminals can reach thousands of potential victims within minutes of a crisis.
Despite these advances, the rule remains simple: no legitimate government agency will call you to ask for passwords, verification codes, or personal ID details.
If you receive a suspicious call, the safest response is to hang up and contact the government agency using the official phone number listed on its website.
Government impersonation scams succeed because they exploit fear during real-world crises. The Dubai example shows how quickly criminals can act when breaking news creates confusion and urgency. Remember the key rule: if someone claiming to represent a government agency asks for passwords, verification codes, or personal ID details over the phone, it’s almost certainly a scam. Hanging up and verifying the contact through official channels can protect both your identity and your bank account.
Adam Collins is a cybersecurity researcher at ScamAdviser who operates under a pseudonym for privacy and security. With over four years on the digital frontlines and 1,500+ days spent deconstructing thousands of fraud schemes, he specializes in translating complex threats into actionable advice. Adam’s mission is simple: exposing red flags so you can navigate the web with confidence.
